I understand that one-time passwords don't work for inbound Web traffic
due to the nature of the HTTP protocol. Do any firewall vendors support
anything stronger than basic password authentication for inbound HTTP
traffic? With the current emphasis on intranets based on Web technology,
I would guess that this is a crying need in many companies. One of our
clients needs outside sales people to be able to access the company
intranet securely to place orders, check inventory, status, etc., and
the client is concerned about relying on simple password authentication.
I'd love to see support for something like SecureNet-every-hour or
SecureNet-every-day AND firewall- or webserver-based password
authentication. Coupled with browser-based SSL encryption, this seems
like a solid way to allow travellers to do intranet work. Ideally the
SecureNet-every-so-often feature would optionally require authentication
for each outside IP address so as to reduce the ability of attackers who
have learned the user's gateway password (perhaps via shoulder-surfing)
to get in while the user is in legitimately.
Is this sensible/possible? Does anyone support it now? Is anything like
this in the works?
-- Marc Rouleau
VP and Chief Technology Officer Voice: (812) 479-1700 Fax: (812) 479-3439
World Connection Services, LLC http://www.evansville.net
Follow-Ups:
|
|
